What Is OpenVPN & Is It Safe Enough To Use In 2019?
OpenVPN is the most popular VPN protocol. It’s also regarded as the safest. We investigated it to make sure it’s really as safe as people claim.
Read on to find out more about what this protocol is, how OpenVPN works, and whether or not it’s safe to use.
What Is OpenVPN?
VPNs send data to and from the internet in virtual tunnels.
These digital tunnels both encapsulate your information, camouflaging it by wrapping it in layers of additional data, and encrypt it, translating it into a special code that only your intended destination can decipher. These two steps go a long way toward defending your data.
However, not all tunnels are the same. There are various ways to mask and encrypt online information. We call these protocols. Some protocols are better than others.
OpenVPN is widely regarded to be the gold standard in protocols. Developed in 2001, it’s open-source, meaning that anyone can access and modify its code. This has created a community of VPN protocol programmers and users who constantly test, update, and improve the protocol.
The basic version of OpenVPN (OpenVPN Community Edition) is free, but the protocol offers more advanced features on its paid version (OpenVPN Access Server).
In addition, many people who use OpenVPN do so through a VPN provider, which usually has a small monthly cost.
How Does OpenVPN Work?
To decide if OpenVPN is the right protocol for you to use with your VPN, it helps to understand how OpenVPN works. One of the wonderful things about OpenVPN is that it’s very versatile, so there isn’t one standard, cookie-cutter way that it operates.
The open-source community around OpenVPN is always trying out new features, getting rid of glitches, and generally enhancing the protocol, so how it works may change from month to month or year to year.
In addition, this protocol is relatively customizable, so you (or your VPN provider) may decide to adjust certain aspects and settings to better suit your preferences.
Generally speaking, however, OpenVPN provides tunneling through SSL (Secure Sockets Layer) and its updated form, TLS (Transport Layer Security). It draws heavily from the OpenSSL library, which is an open-source archive of protocols and security tools.
SSL/TLS protocols are ways of sharing the keys to both encode and decode information that is sent between devices. This is the heart of encryption.
For extra safety, OpenVPN also includes TLS-auth, also called HMAC (Hash Message Authentication Code) packet authentication or an HMAC firewall. This is an extra step that helps confirm that only the right users and devices can encrypt and decrypt data.
In terms of the actual encryption features, OpenVPN supports a variety of ciphers, which are the ways of writing code.
OpenVPN standardly implements 256-bit encryption, which means that its keys (the elements that “unlock” encrypted messages) are composed of 256 0s and 1s, making them very difficult to guess or crack.
OpenVPN can also use other, even stronger ciphers, such as 3DES (triple data encryption standard), Blowfish, CAST-128, or AES (Advanced Encryption Standard).
The protocol also supports an additional encryption feature called Perfect Forward Secrecy (PFS). This approach creates a brand new key each time you go online, just in case someone tried to steal your key from one session and use it to decrypt your messages during a different one.
OpenVPN can also be used on both TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). These are both methods of connecting devices and transmitting information online.
OpenVPN with TCP is more reliable, but UDP is faster. You can decide which makes more sense for your needs.
When it comes to network setup options, OpenVPN is very adaptable. As the protocol’s website explains, “cross-platform VPN Clients and our VPN Server solutions provide the flexibility to deploy site to site, site to cloud, cloud to cloud, users to cloud, and many other network configurations.”
You can also use third-party applications, scripts, and plugins to further enhance OpenVPN’s functionality. These all make the protocol even more accommodating and powerful.
Unlike some other protocols, which work best or even only on certain operating systems, OpenVPN is set up for Mac, Android, Windows, Linux, iOS, and other platforms. This makes it a good choice if you want to run your VPN service on many different devices.
OpenVPN is so multifaceted that to describe exactly how it works in detail could take days, but broadly speaking, it offers SSL/TLS tunneling, virtually any kind of encryption you’d like, TCP and UDP options, all sorts of network configurations, and third-party upgrades, all while running on just about any device.
These features help it operate optimally and stay on the cutting-edge of cybersecurity.
Is OpenVPN Safe?
In short: yes. OpenVPN is generally the most secure protocol you can find and comes highly recommended by our experts. Audits of the protocol’s security found only minor issues, which OpenVPN quickly resolved.
OpenVPN is even typically considered safe from spying by the NSA (United States National Security Agency), which has sophisticated methods and a large budget.
Furthermore, as an open-source protocol, OpenVPN is not owned and operated by a major corporation. In contrast, Microsoft developed and owns both PPTP (Point-to-Point Tunneling) and SSTP (Secure Socket Tunneling Protocol) protocols.
When a big company owns and manages a protocol, you have to trust it not to share your information with government agencies or other organizations.
Since you can’t see the protocol’s code directly, you also have to believe that the company keeps its protocol updated and in top condition. With OpenVPN, you don’t have to worry about either of these concerns.
In addition, OpenVPN’s many state-of-the-art features make it maximally secure. Its ciphers are generally quite strong, giving it optimal encryption.
Its custom SSL/TLS tunneling is also typically safe and reliable, especially when used on TCP.
Making use of OpenVPN’s PFS encryption option further strengthens this protocol’s already outstanding security.
In fact, when it comes to protecting your privacy, using OpenVPN on TCP Port 443 can make it appear to outsiders as if you’re not even using a VPN (while you reap all the security benefits of having one in place).
Since OpenVPN is so customizable, you can also modify it to suit your security preferences and make your VPN even safer. OpenVPN offers a list of recommendations to improve security after installation for that very purpose.
OpenVPN’s open-source community also continuously evaluates the protocol’s security, looking for and patching up any problems.
The fact that this protocol is regularly updated greatly enhances its safety. Hackers and cybercriminals are always searching for new ways to access victims’ data, but open-source programmers work just as diligently to protect the protocol.
Given all of the above elements, OpenVPN is the most secure VPN protocol currently available. We usually recommend using VPN providers that tunnel with OpenVPN because of this protocol’s high security ratings, among numerous other positive attributes.
Benefits of OpenVPN
In addition to being the all-around safest VPN protocol, OpenVPN offers other advantages. Users often appreciate that OpenVPN is:
- Excellent at getting around firewalls. OpenVPN’s adaptability to TCP and UDP make it easier for this protocol to get around firewalls. This is especially true with OpenVPN set to Port TCP 443. This setting makes VPN traffic look just like regular internet activity.
- Highly customizable. This makes OpenVPN more secure, but it also enhances the protocol in other ways. You can decide exactly which encryption procedures, ciphers, network configurations, and other settings work for you. Having more control over your tunneling protocol can improve your VPN experience.
- Regularly updated. While other protocols may become outdated, OpenVPN’s open-source community and driven company leaders make sure that this protocol stays current. Furthermore, since OpenVPN welcomes third-party plugins and scripts, you can enjoy the latest, most innovative add-ons for the protocol.
- Relatively fast. While OpenVPN isn’t necessarily the fastest VPN tunneling protocol available, it’s still quite swift, especially for the strong encryption it provides. Its speeds can easily keep up with most VPN users’ demands.
- Free to use. As we noted above, OpenVPN offers a free version, so you can use this protocol without paying a cent. The paid version and VPN subscription services that use OpenVPN are also typically quite reasonably priced.
- Well-supported by its open-source community. Many of the tech-savvy programmers, VPN providers, and users who interact with OpenVPN on a daily basis are routinely noting errors and glitches with the protocol so these can be rapidly addressed. This community is also available to answer any questions you may have about OpenVPN. Of course, you can also find excellent support from many of the VPN providers who use OpenVPN as part of their products.
These many merits make OpenVPN our suggested go-to VPN protocol. It provides an ideal balance of security, dependability, customizability, support, speed, and cost.
Downsides of OpenVPN
While our experts largely agree that OpenVPN is the best VPN protocol overall, no protocol is perfect. OpenVPN’s disadvantages are minimal, but some users are concerned that this protocol:
- Can be slower than some, depending on the level of encryption used and the processing power of your particular device. However, we wouldn’t recommend sacrificing security for speed. You may be able to safely improve your connection speeds by using OpenVPN over UDP rather than TCP.
- May be difficult to install and configure. Trying to use OpenVPN on its own, without a VPN service provider, can be quite tricky. It’s definitely possible for technically proficient users to figure out, but it may take skill, time, and effort to set up. In addition, if you install it improperly, it may cause security issues or other problems. We recommend using a VPN service provider with an OpenVPN protocol to avoid this headache and ensure you take advantage of everything the protocol has to offer.
- Isn’t built into devices. Some protocols come automatically installed in certain platforms, making them maximally easy to use. OpenVPN does not come with any specific platforms, but it can work on most, as long as you install the proper software client to run it.
- Cannot run on some servers. Some servers simply won’t work with OpenVPN. Fortunately, most do, and if you come across a stubborn server, you may be able to find ways around this, such as using a proxy.
- Doesn’t always run well on mobile devices. Although OpenVPN is versatile enough to operate on all sorts of different platforms, its mobile service and support sometimes don’t work as well as users might hope. It’s safe to assume the open-source community is working on improving this, but you might not enjoy quite the same level of service from this protocol on mobile as on other platforms.
- Might be blocked. Because OpenVPN is so popular, some servers and systems check for this protocol and block it. This can prevent you from using your VPN or from accessing the online data you want. However, adjusting your settings can help bypass these blocks, and there are a few other strategies you can try to hide the fact that you’re using OpenVPN.
OpenVPN is not without its flaws, but most of these are easily remedied, so it is still our number one recommended VPN protocol.
How to Use OpenVPN
As we’ve gone over, OpenVPN is not the easiest protocol to manually install and run all on your own. Tech-savvy users may be able to do so relatively easily, but there will still be room for error in this process, and any mistakes could be difficult to fix.
Setting Up OpenVPN Yourself (The Hard Way)
If you’re insistent on setting up OpenVPN yourself, you’ll need to follow these general steps:
- Install the protocol onto your device.
- Begin adjusting your settings for routing and creating subnets.
- Start setting up your encryption techniques by creating certificates and keys to be used.
- Test out the protocol to make sure it’s connected and configure it to run automatically on your system.
- Add more devices to your OpenVPN network.
- Design and generate rules for these additional devices.
- Set up appropriate authentication for your protocol.
- Decide how you’ll allow OpenVPN to connect to various related services and data.
- Configure protections in case the protocol ever fails.
- Enhance and finalize your OpenVPN settings.
- Begin using the protocol to go online.
The above may seem somewhat complex, but it is a simplified version of what you would actually need to do to set up OpenVPN by yourself. In its installation guide, OpenVPN provides over 20 steps, many of which require their own sub-steps.
Using a VPN Provider to Configure OpenVPN (The Easy Way)
It’s much simpler to set up OpenVPN as part of a VPN subscription service. In this case, your VPN provider will do the bulk of the installation work and provide you with clear instructions on how to configure the protocol for your specific device, as needed.
The process can vary from provider to provider and device to device, but generally speaking, you will just need to:
- Sign up with a VPN provider and pay for a subscription. There are some reputable free VPN providers on the market, but generally, paid VPN subscriptions provide the highest quality service. Many of these subscriptions have very low monthly fees, as well as free trials and similar deals. For example, ExpressVPN offers an OpenVPN protocol option and a 30-day money-back guarantee.
- Install your VPN provider’s application onto your device.
- Log in to your VPN with the username and password you set up when you purchased it.
- Select the protocol and server you want to use.
- Begin browsing the web, playing games, streaming videos, communicating with friends, or engaging in any other online activity with confidence that your data is private, your connection is safe, and you can access the content you want (without the limitations of geo-restrictions).
With a VPN provider, using OpenVPN can be this simple. In addition, if you want more advanced control of your protocol, many providers offer guides to help you manually set up OpenVPN through their services, making the process much smoother. For instance, OpenVPN provides a tutorial for configuring OpenVPN on Windows 8.
Conclusion and Further Reading
OpenVPN is a common VPN protocol that is most definitely safe to use and, with the right VPN provider, can be simple to set up, as well.
Do you want to learn more about VPNs and their safety measures? Are you interested in finding a VPN provider with secure OpenVPN protocol options? We recommend reading the following articles: